Privacy Policy
This Privacy Policy describes how Kompas Podróży (the "Service") processes the personal data of its users. Processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and supplementary national legislation.
1. Data controller
The controller of personal data is Rainbow Horizon Dominik Michalski, ul. Polna 4b, 32-043 Skała, Poland, Tax ID (NIP): 5130248221, REGON: 366277755, operating in the Republic of Poland, European Union. You may contact the Controller at: kontakt@kompaspodrozy.pl. The Controller processes data exclusively for the purposes set out in this Policy and on the legal bases listed below.
2. What data we collect
In the course of using the Service we collect the following categories of data: (a) account data – email address and password (hashed); optionally a name or alias provided by the user; (b) travel data – trip plans, itineraries, budgets, packing lists, and journal entries created by the user; (c) technical data – access logs, IP address, HTTP headers, browser type and version, operating system; this data is necessary to ensure security and diagnose errors; (d) analytics data – anonymous or pseudonymous interaction events (PostHog) collected only after the user gives consent. The Service does not collect special categories of personal data within the meaning of Article 9 GDPR.
3. Purposes and legal bases
We process data for the following purposes: (a) performance of a contract – providing trip-planning services, storing account data and user-generated content (Art. 6(1)(b) GDPR); (b) legitimate interest of the controller – fraud prevention, technical security, crash analysis and diagnostics (Art. 6(1)(f) GDPR); (c) compliance with a legal obligation – in particular tax law, DSA and GDPR requirements (Art. 6(1)(c) GDPR); (d) user consent – behavioural analytics and personalised content (Art. 6(1)(a) GDPR); consent may be withdrawn at any time without affecting the lawfulness of prior processing.
4. Recipients of data
We transfer data only to trusted sub-processors who process it on our behalf: Supabase Inc. (database and authentication infrastructure, servers in region EU-West-2), Vercel Inc. (hosting and CDN, Edge Network), Sentry (error monitoring, pseudonymised data). These processors operate under data processing agreements and apply security standards consistent with GDPR. We do not sell personal data to third parties.
5. Your rights
6. Cookies and tracking
The Service uses cookies strictly necessary for operation (user session, theme preferences). Analytics cookies (PostHog) are loaded only after consent is given. You can manage consent via the cookie banner shown on your first visit or in your browser settings. Blocking analytics cookies does not affect the functionality of the Service.
7. Retention periods
Account data and travel content are retained for the duration of your account and up to 12 months after its deletion (for potential legal claims). Technical logs are retained for 90 days. Analytics data is retained in anonymised form for up to 24 months.
8. Changes to this policy
We reserve the right to update this Privacy Policy. We will notify you of material changes by email or via an in-app notice at least 14 days in advance. Continued use of the Service after the effective date of changes constitutes acceptance of the updated Policy.